Data Protection
The German text provided shall be controlling and binding. The English language translation is provided for convenience only.
Oldenburgische Landesbank AG (OLB Bank) is highly committed to a careful handling of your personal data. We appreciate the trust you place in us and assure you that we will handle your personal data with the utmost care and in line with the General Data Protection Regulation of the European Union (GDPR), the German Federal Data Protection Act (BDSG) and other requirements under data protection acts.
This Privacy Policy applies to the information we provide to visitors to our website at www.olb.de, as well as its different subdomains, for example “wuestenrot.olb.de” (hereinafter as a whole referred to as “Website”). Please note that this Privacy Policy might contain specific notes which are only relevant for individual menu items or subdomains of the Website.
The information provided below is on the type, scope and purpose, as well as the legal basis, for data processing on our Website. Furthermore, we wish to inform you about your rights and provide you with points of contacts for questions about data protection.
We recommend you read this Privacy Policy on a regular basis, since amendments of the law or of our internal processes might require an adaptation of this Privacy Policy. The Privacy Policy can be retrieved, stored and printed, at any time, by visiting https://www.olb.de/informationen/datenschutz. The controller as defined in the data protection acts, in particular, the EU General Data Protection Regulation (GDPR) is: :
Oldenburgische Landesbank AG
Stau 15/17
26122 Oldenburg
You may exercise the following rights, at any time, by contacting our Data Protection Officer:
- right of access to any of your data that we store and its processing (Article 15 of GDPR);
- rectification of inaccurate personal data (Article 16 of GDPR);
- erasure of data stored by us (Article 17 of GDPR);
- restriction of processing, insofar as we are not allowed to erase your data based on legal obligations (Article 19 of GDPR);
- objection against the processing of your data by us (Article 21 of the GDPR);
- data portability if you have given your consent to the data processing or concluded a contract with us (Article 20 of GDPR).
If you have provided us with your consent to the use of your data, you may withdraw this consent at any time for the future. You may lodge a complaint with the supervisory authority, at any time, e.g. with the competent supervisory authority of the federal state of your place of residence or with the authority which is responsible for us. For a list of supervisory authorities (for the non-public sector), including address, please visit https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Type and purpose of the processing and legitimate interests:
When you visit our websites, i.e. unless you log in (e.g. for online banking) or transfer any other information we automatically collect information of a general type. Such information (server logfiles) contains, for instance, the type of the web browser, the operating system you use, the domain name of your internet service provider, your IP address and similar information. It will be processed, in particular, for the following purposes:
- guaranteeing a smooth connection to the website;
- ensuring the comfortable use of our website;
- evaluating system security and stability;
- protecting against cyber-attacks; and
- for other administrative purposes.
We will not use your data for drawing conclusions on your person. We might assess information of such type for statistical purposes to optimize our internet presentation and the technology behind it.
Legal basis:
The processing is based on our legitimate interest in website stability and functionality enhancement in terms of point (f) of Article 6(1) of GDPR.
Recipients:
Recipients of the data might be technical service providers which are active as processors for operating and maintaining our website.
Storage period:
Data will be erased as soon as such is no longer necessary in relation to the purposes for which it was collected. For data serving the provision of the website, that applies generally at the end of the relevant session.
Provision mandatory or required:
The provision of the above-mentioned personal data is not required on either a legal or contractual basis. However, the service and functionality of our websites is not ensured without the IP address. In addition, individual services might not be available or only available with restrictions. Therefore, an objection is excluded.
Type and purpose of the processing:
If you enter into a product deal for using our personalised services (e.g. current account), we collect some personal data such as name, address, contact and communication data (e.g. phone number and email address). You are our client and may access contents and services that are exclusively available for clients. Registered users are additionally able to change or erase the data provided, at any time, in case of need. Naturally, we will provide you, in addition, with access to the personal data we store about you, at any time.
Legal basis:
The data you enter for closing the product deal will be processed on the basis of a consent by the user (point (a) of Article 6 (1) of GDPR). If the product deal serves to perform a contract to which the data subject is a party or to take pre-contractual measures, an additional legal basis for processing data is point (b) of Article 6 (1) of GDPR.
Recipient:
Recipients of the data might be technical service providers who are active as processors for the operation and maintenance of our websites or for the provision of the application processes.
Storage period:
Data will only be processed in this connection for as long as the consent was given. Afterwards, they will be deleted, unless that is opposed by legal retention periods. Please use the contact data provided at the end of this Privacy Policy.
Provision mandatory or required:
Your personal data is provided voluntarily, solely on the basis of your consent. We are unable to grant access to the services we offer without the provision of your personal data.
Type and purpose of the processing:
Like many other websites, we use so-called “Cookies” and similar tracking technologies (e.g. Pixel). Cookies are small text files which are stored on terminal devices (laptop, tablet, smartphone etc.) when you visit our website.
Insofar as third parties process information from cookies, they collect such information directly from your internet browser.
You may, naturally, also visit our website without cookies. Internet browsers are regularly set to accept cookies. You may generally deactivate the use of cookies, at any time, by making the relevant browser settings. Please use the help function of your internet browser to learn how you may change these settings. Please observe that some functions of our website might not work if you have deactivated the use of cookies.
Cookies and tracking technologies used:
Insofar as you give your consent to the use of cookies by your browser settings or consent, the following cookies and tracking technologies might be used on our websites:
- Essential: These cookies are required for technical reasons so that you can visit our website and may use the functions we offer. That applies, for example, to a cookie which stores the authentication data of a client after they logged in to our secured online banking sections so that the client remains logged in to online banking even after changing the page. That relates, for example, also to those cookies which ensure that any user-related configuration of functionalities on our website (e.g. for online banking) that you have set remains intact across sessions. In addition, these cookies contribute to a secure use of the website that is conformity with the regulations.
- Functional: These cookies enable us to analyse the use of the website and to improve the performance and functionality of our website. They collect, for instance, information on how users use our website, which websites are opened most or whether error messages are displayed on certain pages. That applies, for example, to cookies which are used on our websites for website analysis services. Please note: If you exercise your potential right to object against the use of such a cookie, an opt-out-cookie will be set in your internet browser which blocks the further data collection through an advertising cookie by the operator of the website or any third-party provider. If you erase this opt-out-cookie, a renewed data collection will not be prevented. Please obtain information about the lifespan of an opt-out-cookie. When you re-visit the site, it will recognise automatically that you have already visited us and what entries and settings you prefer. These necessary cookies will be stored on your hard drive and are erased automatically after a certain period of time. These cookies are used, in particular, to make our offer more user-friendly, and more efficient.
- Marketing: Advertising cookies (even third-party providers) enable us to display different offers to you that correspond to your interests. These cookies record the advertising activities of users over a longer period of time. You might recognise the cookies on different devices you use. Please note: If you exercise your potential right to object against the use of such a cookie, an opt-out-cookie will be set in your internet browser which blocks the further data collection through an advertising cookie by the operator of the website or any third-party provider. If you erase this opt-out-cookie, a renewed data collection will not be prevented. Please obtain information about the lifespan of an opt-out-cookie. Cookies for marketing purposes are used to display ads for the user that are relevant for them and aligned to their interests. In addition, they are used to limit the number of times an ad is displayed and to measure the effectiveness of advertising campaigns.
Legal basis:
Given the purposes of use described above, the legal basis for processing personal data by using cookies is point (f) of Article 6 (1) sentence 1 of GDPR: If you have given your consent to use cookies based on a note provided on the website (user settings – “Cookie Banner”), the lawfulness of the use is also based on point (a) of Article 6 (1) sentence 1 of GDPR. Another legal basis is the compliance with a legal obligation pursuant to point (c) of Article 6 (1) sentence 1 of GDPR.
Recipients:
Recipient of the data are third-party providers, if you have given your consent or give us your instructions. That shall also apply in case that you authorise a connection with the account or platform of third parties.
Storage period:
The storage period depends on the relevant function. For further details, please refer to the user settings.
Most internet browsers are set to accept cookies as a standard. You may, however, configure your internet browser so as to accept only certain or no cookies at all. Please note, that you might no longer be able to use the functions of our website and might, instead, receive warnings and error messages if cookies are deactivated on our website due to your browser settings.
You may also erase cookies which are already stored in your internet browser through your browser settings. Furthermore, it is possible to set your internet browser to inform you before cookies are stored. Since different internet browsers might have different functions, please use the help menu of your internet browser to learn more about the configuration options.
If you need a comprehensive overview of all accesses made by third parties to your internet browser, we recommend installing the specifically developed plug-ins.
We recommend to always log out completely from any device after its use that you use jointly with others and the internet browser of which is set to allow cookies.
Provision mandatory or required:
You provide your personal data voluntarily. You may adapt your settings, at any time, at user settings.
Transfer to third countries:
Insofar as we transfer your personal data to countries outside of the European Economic Area (EEA) or engage processors in such countries (e.g. in the US), we comply with the legally required standards and security measures. We do so, for example, by using service providers or by concluding so-called EU standard contracts. For more information, please contact us.
Type and purpose of the processing:
We request additional data in order to render fee-based services, such as e.g. payment data enabling us to perform your electronic transfers.
Legal basis:
Data required for concluding the contract are processed on the basis of point b. of Article 6(1) of GDPR.
Recipients:
Recipients of the data might be processors which we require for handling your orders.
Storage period:
We store such data in our systems until the legal retention periods expire. Data is generally 6 or 10 years for reasons of an orderly bookkeeping and requirements under tax laws.
Provision mandatory or required:
You provide your personal data voluntarily. We are unable to grant access to the contents and services we offer without the provision of your personal data.
Use of Google Maps
Type and purpose of the processing:
We use the services of Google Maps on this Website. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). This allows us to provide you with interactive maps directly on this Website and it makes using the map feature more convenient for you.
For more information on data processing by Google, please refer to Google’s privacy policy. You may also change your personal data privacy settings in their data protection centre.
For more instructions on managing your own data in connection with Google products, please see here.
Legal basis:
Legal basis for embedding Google Maps and for the associated data transfer to Google is your consent (point (a) of Article 6 (1) of GDPR).
Recipient:
By visiting this Website, Google will receive information that you have accessed the corresponding sub-page of our Website. This is made independently of whether Google provides a user account that you have logged into or whether you have no user account. If you are logged into Google, your data will be directly linked to your account.
If you do not wish for Google to link data to your profile, you have to log out of Google before clicking on the button. Google saves your data as user profiles and utilises them for advertisement, market research, and/or a need-based design of their website. The particular objectives of such analysis (even in case of users who are not logged in) are the provision of need-based advertisement and informing other users of the social network about your activities on our Website. You have the right to object to the creation of these user profiles, which must be exercised towards Google.
Storage period:
We will not collect any personal data by embedding Google Maps.
Transfer to third countries:
Google will process your data in the USA.
Withdrawing your consent:
If you do not want Google to collect, process or use data about you through our internet presentation, deactivate JavaScript in the settings of your browser. In such case, you may, however, not use our Website or only use it with restrictions.
Provision mandatory or required:
Your personal data is provided voluntarily, solely on the basis of your consent. If you restrict the access, that might result in the restriction of functions on the website.
Embedded YouTube videos
Type and purpose of the processing:
We embed YouTube videos on some of our Websites. The operator of the relevant plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube“). If you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers will be made. YouTube will receive information on which sites you visit. If you are logged in to your YouTube account you allow YouTube to directly associate your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account before the visit.
When the playback of embedded YouTube videos is started, the provider uses cookies to collect information on the user behaviour.
For more information on the purpose and scope of the data collection and processing by YouTube, please refer to the Privacy Policy of the provider. It will also give you more information on your associated rights and setting options to protect your privacy (https://policies.google.com/privacy). Google processes your data in the USA and has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Legal basis:
Legal basis for embedding YouTube and the associated data transfer to Google is your consent (point (a) of Article 6(1) of GDPR).
Recipients:
Whenever you open YouTube, a connection will automatically be made to Google.
Storage period and withdrawal of consent:
Persons who deactivated the storing of cookies for the Google Ad programme will not receive any such cookies when they watch YouTube videos. However, YouTube also stores non-personal usage data in other cookies. If you wish to prevent that, you need to block the storing of cookies in the browser. For more information on privacy when using “YouTube" refer to the provider’s privacy policy at: https://www.google.de/intl/de/policieis/privacy/.
Transfer to third countries:
Google will process your data in the USA.
Provision mandatory or required:
Your personal data is provided voluntarily, solely on the basis of your consent. If you restrict the access, that might result in the restriction of functions on the website.
Google Ads
Our Website uses Google Conversion tracking. The operating company of the services of Google AdWords is Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you visit our website because you clicked on an ad placed by Google, Google AdWords will set a cookie on your computer. The cookie for conversion tracking will be set if a user clicks on an AdWords ad placed by Google.
If a user visits certain pages of our website and the cookie has not yet expired, Google and we can see that the user clicked on the ad and was forwarded to that page. Each Google AdWords customer receives a different cookie. It is thus not possible to track cookies through the websites of AdWords customers. The information obtained using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers receive information on the total number of users who have clicked on their ad and have been forwarded to a web page with a conversion tracking tag. They do not, however, receive any information which can be used for the personal identification of users.
Legal basis:
Legal basis for embedding Google AdWords and the associated data transfer to Google is your consent (point (a) of Article 6(1) of GDPR).
Recipients:
Personal data, including your IP address will be transferred to Google in the USA during each visit of our Website. Such personal data is stored by Google. Google might disclose this personal data collected through the technical process to third parties under some circumstances.
Our company will not receive any information from Google which might allow for an identification of the data subject.
Storage period:
These cookies become invalid after 30 days and do not serve the purpose of personal identification.
Transfer to third countries:
Google will process your data in the USA.
Withdrawing your consent:
If you do not want to take part in the tracking, reject the setting of the required cookies – by choosing the browser setting which generally deactivates the automatic setting of cookies or by setting your browser to block the setting of cookies from the “googleleadservices.com” domain. Please note that you must not erase the opt-out-cookies if you do not want the recording of measuring data. If you erased all the cookies in the browser, you need to re-set the opt-out cookie.
Provision mandatory or required:
Your personal data is provided voluntarily, solely on the basis of your consent. If you restrict the access, that might result in the restriction of functions on the website.
Use of etracker
Type and purpose of the processing:
The provider of this website uses the services of etracker GmbH based in Hamburg, Germany (www.etracker.com) to analyse usage data. Cookies are set which allow for a statistical analysis of the use of this website by its visitors and the display of usage-related contents or advertising.
The data generated by etracker will exclusively be processed and stored by etracker in Germany on behalf of the provider of this website and is thus subject to the strict German and European data protection acts and standards. etracker was audited and certified for this purpose and received the ePrivacyseal data protection quality seal.
Our legitimate interest is the optimisation of our online offer and our internet presentation. Since we are committed to the privacy of our visitors, the IP address will be anonymised with etracker as soon as possible and log-in data or device identifications are converted to a unique key which cannot be allocated to any person. No other use, combination with other data or any disclosure to third parties will be done by etracker.
You may object to the above-mentioned data processing at any time, insofar as it relates to personal data. No disadvantages will arise for you if you object.
For more information on data privacy at etracker, please see here.
Legal basis:
The legal basis for the data processing is point (f) of Article 6 (1) of the EU General Data Protection Regulation (EU GDPR) (legitimate interest).
Recipients:
Usage data, including your IP address will be transferred to etracker during each visit of our Website.
Withdrawing your consent:
You may object to the above-mentioned data processing at any time, insofar as it relates to personal data. No disadvantages will arise for you if you object.
Provision mandatory or required:
Your personal data is provided voluntarily, solely on the basis of your settings. You may adapt your settings, at any time, at user settings.
Use of Trusted Shops
Type and purpose of the processing:
In order to display our Trusted Shops Seal of Approval and, if necessary, the compiled evaluations as well as the offer of Trusted Shops products to customers after a purchase, the Trusted Shops Trustbadge is included on this Website.
This serves to safeguard our predominantly legitimate interests within the framework of a balancing of interests in marketing our offer in an optimal manner pursuant to point (f) of Article 6 (1) GDPR. The Trustbadge and the services promoted along with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
When the Trustbadge is accessed, the web server automatically stores a so-called server logfile, which stores details such as your IP address, the date and time of access, the volume of data transferred, and the requesting provider (access data) and registers your visit. This access data is not analysed and is overwritten automatically seven days after the end of your visit to the site, at the latest.
Further personal data is merely transferred to Trusted Shops insofar as you have given your consent, if you decided to use Trusted Shops products after conclusion of an order, or have already registered for their use. In this case, the contractual agreement concluded between you and Trusted Shops applies.
Legal basis:
The legal basis for the data processing is point (f) of Article 6 (1) of the EU General Data Protection Regulation (EU GDPR) (legitimate interest).
Recipients:
Personal data, including your IP address will be transferred to Trusted Shops during each visit of our Website.
Withdrawing your consent:
You may object to the above-mentioned data processing at any time, insofar as it relates to personal data. No disadvantages will arise for you if you object. Provision mandatory or required: Your personal data is provided voluntarily, solely on the basis of your settings. You may adapt your settings, at any time, at user settings.
Use of reCAPTCHA
Nature and purpose of processing:
We use the services of reCAPTCHA on this website. reCAPTCHA is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter "Google"). This service protects the website from bots. This service collects and analyzes a user's interactions on the website and creates a score which helps to identify suspicious user behavior. The reCAPTCHA analyses run solely in the background. Visitors to the website are not made aware that any analysis is taking place. You can find more information about data processing by Google in the Google privacy policy. It is here that you can also change your personal privacy settings in the Privacy Center.
Legal basis:
The legal basis for the integration of reCAPTCHA and the associated data transfer to Google is the legitimate interest in protecting offers on the Web from attacks and spying (Art. 6 para. 1 lit. f DSGVO).
Recipients:
Whenever you visit our website, personal data, including your IP address, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected via these technical processes to third parties. Our company does not retain any information from Google by means of which the data subject could be identified.
Storage period:
Data is deleted as soon as it is no longer required for our recording purposes.
Third-country transfer:
Google processes your data in the USA.
Withdrawal of consent:
If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use our website or only to a limited extent.
Provision mandatory or required:
The provision of your personal data is voluntary, based solely on the settings you have made. If you disable access, this may result in functional restrictions on the website.
Use of pagestrip – interactive annual report
Nature and purpose of processing:
To display the annual report, the software tool software pagestrip is integrated, which is operated by alice interactive GmbH, Löwengasse 18/13c, 1030 Vienna, Austria. When the annual report is called up, the web server automatically saves a so-called server log file, which contains, for example, the first three digits of the IP address, the date and time of the call-up, the volume of data transferred and the requesting provider (access data) and documents the call-up. This access data is not evaluated and is deleted at the latest 14 days after the end of the page visit.
Legal basis
The data processing is carried out on the legal basis of Art. 6 para .1 lit a (consent) of the EU Data Protection Regulation (EU-DSGVO). The IP address is not stored in full in so-called server logs, but must be transmitted for technical reasons for the delivery of content and is not processed for any other purpose (Art. 5 para.1 lit b/c).
Recipient
The recipient of the so-called HTTP request to deliver the content is alice interactive GmbH.
Storage period
The storage of non-personal data is limited to a maximum of 14 days. Personal data is not stored by alice interactive GmbH.
Third country transfer
A transfer to a third country does not take place.
Revocation of consent:
If users do not wish to transfer their IP address to alice interactive GmbH, where a time-limited storage of parts of the IP address occurs as described above, they can deactivate this in our "Privacy settings". In this case, however, the digital version of the annual report cannot be viewed.
Provision mandatory or required:
The provision of personal data (IP address), which as described above is not stored in full and therefore loses its personal reference, is voluntary. If you as a user do not allow access, you will not be able to view the digital version of the annual report.
In the following, we inform you about the social media presences operated by Oldenburgische Landesbank AG. You can reach these in the individual networks or via the social media icons in the footer of this website.
Please note: These social media buttons merely provide links to the respective providers. As long as these buttons are not clicked, no transmission/forwarding to these providers takes place. If you click on these buttons, you will be forwarded to the website of the respective provider. Depending on whether you were logged in to the respective providers at the time of clicking, your data will be processed according to the data usage guidelines of these providers and may be used for profiling, which is not our responsibility.
The following social media icons are integrated into our website footer:
Nature and purpose of processing:
OLB Bank operates a fan page on Facebook in order to communicate with customers, interested parties and users active there and to be able to inform them about our services there.
If you visit our fan page, Meta Platforms Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, collects, stores and processes your personal data in accordance with its privacy policy. The privacy policy can be found here: https://de-de.facebook.com/policy.php. Data processing by us beyond this only takes place to a very limited extent:
For statistical evaluation purposes, we use the Facebook Insights function. In this context, we receive anonymized data on the users of our Facebook fan page. It is not possible for us to draw any conclusions about you personally.
You can find more information about Facebook Insights here: www.facebook.com/legal/terms/information_about_page_insights_data
With regard to the processing of Insights data, there is joint responsibility between Facebook and us. Details of this are governed by the Joint Controller Addendum, which can be found here: www.facebook.com/legal/terms/page_controller_addendum
To data subjects, Facebook Ireland provides the gist of the Page Insights Addendum. We recommend that you contact Facebook directly for more information.
In the context of sweepstakes, data is collected for their processing. The details of this, such as what data is collected for what purpose, can be found in the privacy notices and conditions of participation of the respective sweepstakes.
Legal basis:
The legal basis for the integration of Facebook and the associated data transfer is your consent (Art. 6 para. 1 lit. a DSGVO).
Recipient:
When using the link on our websites, anonymized usage data is transferred to Facebook.
Storage period:
We do not collect any personal data through the integration of Facebook.
Third-country transfer:
Facebook processes your data in the USA.
Provision mandatory or required:
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot provide you with the service.
Type and purpose of processing:
On the Instagram channel "olb.bank" we inform you about young financial knowledge, interesting facts from the OLB working world and OLB as a training company. You can also leave comments and ask questions.
If you visit our fan page, personal data will be stored and processed by Meta Platforms Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, as the provider of Instagram in accordance with Instagram's privacy policy. The privacy policy can be found here: https://help.instagram.com/519522125107875
By us, data processing beyond this only takes place to a very limited extent. For the purpose of demand-oriented design and continuous optimization of our pages, we use the statistics service Instagram Insights. This service records your activity on our site and makes it available to us in anonymized statistics. This gives us insights into, among other things, the interactions of our fan page visitors, the views of our page, the reach of posts, information about the activity of our subscribers as well as information about which countries and cities our visitors come from as well as statistics about the gender ratios of our visitors. Conclusions about individual users as well as access to individual user profiles by the administrator are not possible.
In the context of competitions, data is collected for their processing. The details of this, such as what data is collected for what purpose, can be found in the privacy notices and conditions of participation of the respective sweepstakes.
Legal basis:
The legal basis for the integration of Instagram and the associated data transfer is your consent (Art. 6 para. 1 lit. a DSGVO).
Recipient:
When using the link on our websites, anonymized usage data is transferred to Facebook.
Storage period:
We do not collect any personal data through the integration of Instagram.
Third-country transfer:
Facebook processes your data in the USA.
Provision mandatory or required:
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot provide you with the service.
YouTube
Type and purpose of processing:
The YouTube channel "Oldenburgische Landesbank AG" presents videos on the subject of banking, e.g. all about the offers from OLB Bank or helpful tips on how to use the offers from OLB Bank.
Personal data is stored and processed by Google LLC ("Google"), Amphitheatre Parkway, Mountain View, CA 94043, USA, as operator of YouTube, in accordance with Google's privacy policy. The privacy policy can be found here: https://policies.google.com/privacy?hl=de&gl=de
Legal basis:
The legal basis for the integration of YouTube and the associated data transfer is your consent (Art. 6 para. 1 lit. a DSGVO).
Recipient:
When using the link on our websites, anonymized usage data is transferred to Google.
Storage period:
We do not collect any personal data through the integration of Google.
Third-country transfer:
Google processes your data in the USA.
Provision mandatory or required:
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot provide you with the service.
Type and purpose of processing:
On the LinkedIn channel "Oldenburgische Landesbank AG" we publish company news and content related to OLB Bank.
Personal data is stored and processed by Linkedin Ireland Unlimited Company, 70 Sir John Rogerson's Quay - D02 R296 Dublin as the provider of LinkedIn in accordance with LinkedIn's privacy policy. The privacy policy can be found here: https://de.linkedin.com/legal/l/dpa
Legal basis:
The legal basis for the integration of LinkedIn and the associated data transfer is your consent (Art. 6 para. 1 lit. a DSGVO).
Recipient:
When you use the link on our websites, anonymized usage data is transferred to LinkedIn.
Storage period:
We do not collect any personal data through the integration of LinkedIn.
Third-country transfer:
Linkedin processes your data in the USA.
Provision mandatory or required:
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot provide you with the service.
Type and purpose of processing:
On the XING channel "Oldenburgische Landesbank AG", we publish company news and content related to OLB Bank.
Personal data is stored and processed by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany as the provider of XING in accordance with XING's privacy policy. The privacy policy can be found here: https://privacy.xing.com/de/datenschutzerklaerung
Legal basis:
The legal basis for the integration of XING and the associated data transfer is your consent (Art. 6 para. 1 lit. a DSGVO).
Recipient:
When you use the link on our websites, anonymized usage data is transferred to XING.
Storage period:
We do not collect any personal data through the integration of XING.
Third-country transfer:
Xing processes your data in the USA.
Provision mandatory or required:
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot provide you with the service.
Type and purpose of the processing:
Your data will exclusively be used for sending the newsletter to which you subscribed by email. Your name is necessary to personally address you in the newsletter and to identify you, if necessary, if you wish to exercise your rights as data subject.
It suffices to provide your email address for receiving our newsletter. When subscribing to our Newsletter, the data provided by you will exclusively be used for this purpose. Subscribers may also be informed about circumstances via email that are relevant to the service or the registration (such as changes to the newsletter offer or technical conditions).
We need a valid email address for an effective registration. We use the “double opt-in” procedure to check whether a subscription has actually been made by the owner of an email address. For this purpose, we protocol the ordering of the newsletter, the sending of a confirmation mail, and the receipt of the reply requested therein. No other data is collected. The data is only used for sending the Newsletter and will not be disclosed to any third parties.
Legal basis:
Based on your explicitly given consent (point (a) of Article 6 (1) of GDPR), we will send our newsletter or comparable information on a regular basis by email to the email address you provided.
You can withdraw your consent to the storage of your personal data and its use for sending the Newsletter at any time, with effect for the future. You can find a corresponding link in each Newsletter. You can also unsubscribe directly on this website at any time or inform us about your withdrawal via the contact stated at the end of this Privacy Policy.
Recipients:
Recipients of the data might be processors whom we engage for sending the newsletter.
Storage period:
Data will only be processed in this connection for as long as we have the relevant consent. It will be deleted afterwards.
Unsubscribing:
You may unsubscribe from the newsletter, at any time, directly in the newsletter. For this purpose, confirm the “Unsubscribe link” contained in the email. Another consequence is that your consent to advertising by email will be deleted from our systems. You may also unsubscribe by withdrawing the advertising consent to sending emails.
Provision mandatory or required:
Your personal data is provided voluntarily, solely on the basis of your consent. We will, unfortunately, not be able to send you our newsletter without your consent.
Nature and purpose of processing:
The data which you input will be stored for the purpose of individual communication with you. Various items of personal data may be required for this purpose, depending on the nature of your inquiry. As a rule, your name and a valid e-mail address are sufficient. In case of Investor Relations inquiries, we may require additional data. These data enable us to categorize your inquiry and to respond to it. In the Investor Relations section of our website, you may sign up to receive financial news from us, for instance. This is subject to our newsletter terms (see above). You may optionally provide further data.
Legal basis: As a rule, the data which you provide via our contact forms will be processed on the basis of your voluntary consent (Art. 6(1)(a) of the GDPR).
The purpose of our contact form is to provide an easy way for you to get in touch with us. Your details will be stored in order to process your inquiry and for possible follow-up questions.
In the event that you contact us to request a quotation, your contact form data will be processed for the implementation of pre-contractual measures (Art. 6(1)(b) of the GDPR).
Recipients:
The recipients of your data are internal contacts within our company. We may receive support from processors.
Storage period:
Data will be deleted, at the latest, 6 months after the processing of your inquiry.
In the event that a contractual or investor relationship is established, we will be subject to the statutory retention periods under the German Commercial Code (Handelgesetzbuch - HGB) and the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG) and will delete your data upon expiry of these periods.
Type and purpose of processing:
In order to place our existing customer relationship on a legally new basis in accordance with the BGH ruling of April 27, 2021, we ask you to agree to the current terms and prices. The clauses for contract amendments by means of fictitious consent are new: Amendments to terms and conditions by means of fictitious consent are now only possible in the exceptional cases specified in No. 1 (2) of our GTC. The fictitious consent shall no longer apply to the amendment of charges. All other contractual agreements with you remain unchanged.
You can give your consent conveniently via our website.
The data you enter will be processed for identification and agreement of the GTCs. If you use this option, the data is processed for the implementation of contractual measures (Art. 6 para. 1 lit. b DSGVO).
Recipients:
Recipients of the data are, if applicable, order processors.
Storage period:
Data is stored for the duration of the customer relationship with us as well as beyond that for the fulfillment of the statutory retention obligations according to HGB and AO.
After expiry of the periods, your data will be deleted.
Provision mandatory or required:
The provision of your personal data is voluntary. However, you can only give your consent on our website if you provide the necessary data for identification and agreement of the GTCs.
Type and purpose of the processing:
On this website, we make use of the pass creation offer from YOUR PASS. In this way, for example, information or campaign passes for products can be created and stored on a private smartphone.
Wallet passes are small files which contain all the information required to display the pass – e.g. images and text. The passes are made available for iPhones and Android smartphones.
Once wallet passes are saved, the iPhone sends the user a message via the Apple Push Notification Service (APNS). In turn, this generates a random ID (a so-called Device Library Identifier) which is sent to YOUR PASS. This ID is used to update wallet passes, but does not allow the user to be identified. When the pass is deleted or the push notifications are deactivated, YOUR PASS is informed of this from APNS, which means that from that point in time, no more updates are sent to the smartphone of the user.
The passes of third-party provider apps for presenting wallet passes on Android smartphones work in the same way as was described for Apple products, with the difference that the Google push notification service is used.
When wallet passes are downloaded and opened via the smartphone (contents e.g. for the apps Apple Wallet or third-party provider apps for Android), there is no contractual relationship between the user and YOUR PASS. Only the obtained data “anonymous pass ID” and the associated “time stamp” are collected. The data processing is for securing the YOUR PASS system against attacks, for obtaining the desired pass and for allocating an anonymous ID.
Legal basis:
The legal basis for integrating YOUR PASS and the associated data processing is your consent (point (a) of Art. 6(1) GDPR).
Recipient:
The data recipient is YOUR PASS (YOUR PASS, s.r.o., Türkova 2319/5b, 149 00 Prague 4 – Chodov, Czech Republic) – and at the same time, the place of the processing in connection with Amazon Web Services in Frankfurt (GDPR Centre, Data Residency, FAQ Data Protection), which can be contacted by post via Amazon Web Services, 2021 Seventh Ave., Seattle, Washington 98121 USA. The functions within the EU are server infrastructure, web services, database and hosting.
Storage period:
Your personal data is erased or blocked as soon as the purpose for which it was stored no longer applies. The technically necessary collection of accesses by users generally takes place for a period of a few hours, up to 7 days at a maximum. The data may also be stored if this has been stipulated accordingly by the European or domestic legislator in the regulations, laws or other ordinances of the European Union to which the controller is subject. A blocking or erasure of data also takes place if a retention period which is prescribed by the aforementioned standards expires, unless the continued retention of the personal data is required for entering into or fulfilling a contract.
Transfer to third countries:
Your data is processed on servers outside of the EU (e.g. USA) where no appropriate level of data protection can be guaranteed. For further information on this, please observe the terms of use and data protection information of YOUR PASS, s.r.o., Türkova 2319/5b, 149 00 Prague 4 – Chodov, Czech Republic. These can be found here with the privacy policy.
Withdrawing your consent:
You can object to the mandatory data protection at any time if this relates to your person. Your objection has no retrospective consequences for you. Processing which has already taken place remains unaffected by the objection.
Provision mandatory or required:
The data (anonymous ID) is provided voluntarily. If users prevent access to this, the desired pass cannot be stored.
OLB Online Banking (incl. apps).
Type and purpose of processing:
Registration
We process personal data for the purpose of logging in to Online Banking. The following login data are processed in the process: personal access data and personal identification data or media.
Transaction
To carry out a transaction in online banking, we process the transaction number (TAN) assigned to you personally and the IP address of the terminal device from which the transaction was initiated in the course of two-factor authorization (PIN-TAN procedure).
Photo transfer
To use the photo transfer tool, relevant payment information data (payee, purpose, amount, etc.) is extracted from an image file using text recognition software and inserted into the transfer mask. To use the function, access to the device camera and, if necessary, to the photo or document archive for uploading files is required. Consent can be revoked at any time in the smartphone settings.
OLB Cash - Cash payments
To process deposits and withdrawals via OLB Cash, relevant account information and the corresponding transaction data are transmitted to the selected OLB Cash partner. To display the OLB Cash partners, the location is processed if consent has been given. Consent can be revoked at any time in the settings of the smartphone. Further information can be found in the privacy policy of the operating system of the smartphone.
CDCVM - Consumer Device Cardholder Verification Method (e.g. FaceID)
CDCVM is an authentication method using the smartphone or tablet. Authorization can take place via a fingerprint sensor or the device's camera, for example. CDCVM is mainly used in online banking. After assigning a login password, an optional log-in is possible via Touch ID or Face ID on iOS or via fingerprint on Android. This data is only stored locally on the device and is not passed on to third parties for processing. The setting can be revoked at any time in the smartphone settings.
Location information - Nearby
For the display of the closest branches and ATMs, the current location is processed and transmitted to the respective card provider of the application platform. Consent can be revoked at any time in the smartphone settings. For more information, please refer to the privacy policy of your smartphone's operating system.
Branch and ATM search
For the use of the branch and ATM search, the Google Maps service is used within online banking to display maps and to create directions. You can find more information on the use of Google Maps on this page under "External services".
Use of individual digital services in online banking
When using special digital services in online banking (e.g. paydirekt), additional data processing may take place. The supplementary data protection notices are listed in the individual terms of use of the respective service. Further information on the individual terms of use of the digital services can be found here.
Cookies
In addition, we use cookies for various purposes in the context of online banking. You can find out how we use these cookies in our online banking and which deactivation options are available to you on this page under "Cookies and similar technologies".
Legal basis:
The data processing is carried out on the legal basis of Art. 6 para. 1 lit. b (contract execution/initiation) of the EU Data Protection Regulation (EU-DSDGVO). If, in individual cases, data is collected beyond this, consent is obtained for this on the basis of the legal basis of Art. 6 (1) a DSGVO.
Recipients:
Recipients of the data are, if applicable, order processors whose systems are used for the provision of the services as well as external services (e.g. Google), if you use the services on the basis of the consent given to us.
Storage period:
We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.
Provision mandatory or required:
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to our online banking and the respective services.
Use of video consultation
Nature and purpose of processing:
Individual information about your personal and factual circumstances that may be mentioned in connection with the use of video consulting, in particular within the conversation between you and your consultant will be collected by us only for the purpose that you have given us in this regard (contract execution(initiation). We use the data we collect about you exclusively to enable the functionalities you have requested and to provide the services requested by means of the functionalities.
If you communicate with us via this channel, you do not have to register. You will receive an access code from us for use. In addition to your name and (optionally) your e-mail address, we store the time and duration of your dial-in. This serves your consultant as a chronicle of the calls you have made. In addition, your data will only be used for the purpose of dialing into the video consulting service. After the call, no stored communication content remains on the servers.
If you turn on your webcam, your image will be transmitted.
The conversations are generally not stored (neither image nor sound), this also applies to the information you may provide in the chat. Should a recording be necessary due to a legal requirement, we will obtain your consent in advance.
For statistical purposes, the topic, duration and time of the conversation are recorded anonymously. This helps us to optimize our services. It will not be passed on to third parties.
Legal basis:
The data processing is carried out on the legal basis of Art. 6 Para .1 lit b (contract implementation/initiation) of the EU Data Protection Regulation (EU-DSGVO).
Recipients:
Recipients of the data are, if applicable, order processors whose systems are used for the provision of the service.
Storage period:
If there is a need to record and store data, we will comply with the statutory retention periods and delete your data after these periods have expired.
Provision mandatory or required:
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot provide you with the service.
Handling of emails
Wherever you will be able to send a message to OLB from its websites, the contents of such message will be subject to cryptographic encryption. We use the email address provided by you to send you an email with the information you requested. We will not send any unencrypted notifications about customer matters by email. If the contents of your message relate to a contractual relationship, we will keep the email.
Before sending any unencrypted email through your internet provider, please remember that its contents will not necessarily be protected on the internet against unauthorised access, distortion, etc.
Encryption
We use automatic cryptographic end-to-end encryption for each dialogue through OLB Websites which might contain personal data. The key size is at least 128 bits each.
Access protection at OLB
The OLB data processing network is protected against the outside world by a state-of-the-art firewall system. Internal OLB applications are accessible for authorised persons through a log-in procedure, including an individual user key and password. User rights within the applications are restricted according to the business needs based on legitimation systems.
Duties of secrecy
Employees of OLB must comply with
- bank secrecy;
- data secrecy;
- secrecy of telecommunication;
- trade and business secrets;
- private secrecy;
- and social secrecy, if appropriate.
Data protection officers must comply with a special professional secrecy, in addition.
This body is also available for requests for access, suggestions, complaints, objections, and withdrawals relating to data protection matters.
Insofar as we are obliged to transfer data based on legal regulations or a court decision, we cooperate with the competent authorities.
The German text provided shall be controlling and binding. The English language translation is provided for convenience only.
The protection of your privacy and your personal data is a key concern for us. We process your personal data in accordance with the relevant data protection regulations. We also maintain up-to-date technical and organizational measures to ensure data protection and data security. All the security technologies we use are state of the art and are constantly updated. Our security concepts are continuously adapted and updated in line with new findings.
In the following, we would like to inform you about how we handle personal data when you use our banking apps:
- OLB Banking / OLB: Finance & Banking to go
- Wüstenrot OLB Banking
- Württembergische OLB Banking
- Neelmeyer Banking
(hereinafter referred to as the "App").
1. General
1.1 Who is responsible for data processing and who can I contact?
Is the controller pursuant to Art. 4 No. 7 GDPR:
Oldenburgische Landesbank AG
Stau 15/17
26122 Oldenburg
(hereinafter: "OLB Bank")
Data Protection Officer:
Oldenburgische Landesbank AG
Data Protection Officer
Stau 15/17
26122 Oldenburg
Phone: 0441 221-0
Fax: 0441 221-1457 E-mail: datenschutz@olb.de
1.2 Definitions
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 No. 1 GDPR).
Processing includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data (Art. 4 No. 2 GDPR).
2. Data processing
When you use the app, we process your data for the purposes described in more detail below on the basis of the legal bases set out below.
2.1 Processing through account opening and account management
With regard to data processing when opening and managing an account, we refer to our general data privacy statement for customers and interested parties, which you can find in the app under "OLB Bank Data Privacy Notice" and on the Internet at olb.de/dsgvo (section General Data Protection Regulation / document "Data Protection Information").
2.2 Data processing by downloading from the App Store
When you download the mobile app, the required information is transmitted to the App Store, in particular your user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it.
2.3 Purposes of data processing in the app and legal basis
Unless otherwise described in the following sections, the legal basis for data processing in the context of the use of the app follows from Art. 6 para. 1 lit. b GDPR. In this case, the processing of your data is necessary to provide you with the functionalities of the app.
2.3.1 Initial setup of the app
For the initial registration in the app, you must provide the following information, which is required for use:
2.3.1.1 New customers (only possible via OLB Banking / OLB: Finance & Banking to go)
- App password
- Selection of whether the fingerprint sensor / Touch ID / Face ID is used
- Release the camera / scan QR code
2.3.1.2 Existing customers via "Transfer app" or "Easy App Start"
- App password
- Selection of whether the fingerprint sensor / Touch ID / Face ID is used
- Release the camera / scan QR code
2.3.1.3 Existing customers manually
- App password
- Selection of whether the fingerprint sensor / Touch ID / Face ID is used
2.3.1.4 Degussa Bank customers via (Easy) Onboarding process
- App password
- Selection of whether the fingerprint sensor / Touch ID / Face ID is used
- Release the camera / scan QR code
Further information can be found in the app under "Data Protection Information OLB Bank" and on the Internet at olb.de/dsgvo (section General Data Protection Regulation / document "Data Protection Information").
2.3.2 Use of the app
When you use the app, data such as account balances, account transactions, card data, etc., as well as payment information for transfers, for example, are transmitted between your banking app and our bank computer systems in highly encrypted form. If you use third-party bank connections in our app, the transfer of such data also takes place with the bank computer systems of the respective bank.
In addition to using the functions offered by the app directly in the app, the app also allows you to use web banking at
to use. In this case, the app in conjunction with the biometrics activated for the app (Touch ID, Face ID) serves as a “key” for web banking, which you can use to log in and confirm transactions. This functionality is not available with the PIN-TAN procedures we offer.
As soon as you use one of the services via the app or attempt to do so, your mobile device establishes an online connection to the server of the service providers of OLB Bank or to the server of OLB Bank. The transmission of data to the server is necessary so that you can retrieve content on your mobile device. The Bank collects, records, organizes, arranges, stores, adapts or modifies, retrieves, queries, uses, discloses by transmission, dissemination or any other form of provision, compares or links, restricts, deletes or destroys the personal data of users only if and to the extent necessary to provide the services.
During your use of the app, we or our service providers process data (e.g. card registrations for 3DS, card sales requests and approvals/rejections, card sales, IP address, start and end of use, functions/settings accessed) that are necessary for the intended access to the services and their intended use. The app may provide you with certain information about the transactions you have carried out (in particular payment amount and payment date) to give you an overview of the transactions you have already carried out. The relevant data will be made available to you by OLB Bank. Please note: This transaction data does not constitute a legally binding account statement. Legally binding bookings and statements of account are only made in accordance with the General Terms and Conditions.
2.3.3 Push notifications
You have the option of receiving push notifications when using this app. Push notifications are messages that appear on your smartphone without opening the respective app. The purpose of the push notification is to inform the user about new authentication messages (e.g. direct releases or transaction numbers). The information itself is not included in the push notification, but can only be retrieved after opening the app.
To receive push messages, the app must be registered with the operating system operators. A token is generated by the operators and transferred to the app. The so-called device token is then transmitted to your institution or the IT service provider and stored there. Your consent is required to activate the function (Art. 6 para. 1 lit. a) GDPR). Consent can be withdrawn at any time, with effect for the future, in the system settings.
2.3.4 Using the physical maps as digital maps in the app
We offer Google Pay and Apple Pay for debit cards (Debit Mastercard®) and credit cards with our apps. You can find the data protection information on Apple Pay at:
https://support.apple.com/de-de/HT203027
https://www.apple.com/de/legal/privacy/data/de/apple-pay/
You can find the data protection information on Google Pay at:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
2.3.5 Touch ID / Face ID
After assigning access protection, an optional login via the biometric features of the device is possible, e.g. via Touch ID/Face ID (iOS) or Fingerprint (Android). If you activate this function, you do not have to enter your access code and your release code every time you log in, as you can authenticate yourself using this alternative method. If you have activated login via fingerprint/Face ID, the app will use the service provided by your device for verification. However, at no time will your fingerprint/Face ID or any features derived directly from it be used by the app or transmitted to OLB.
2.3.6 Photo transfer
You can also use the app to make a bank transfer by scanning your camera. To do this, the app needs authorization to access the camera. In this regard, you can enable access to the camera after installing the app. This is done via the operating system used on the mobile device (Android/iOS). This access authorization is required for the use of this service and, once granted, is stored in the operating system of your respective mobile device by means of a so-called flag (identification) and must be given again for each new device." If you then want to make a photo transfer, scan the data of the transfer or a QR code on the transfer using the camera so that it is transferred to the transfer template. Alternatively, you can upload a PDF, photo or similar file of the transfer/invoice so that the data is transferred to the transfer template. To use PDFs, photos or similar files, the app requires access to your device's memory.
The data is read out by our service provider Gini GmbH. The legal basis for this processing is Art. 6 para. 1 lit. a) GDPR. As with every bank transfer, you will then have the opportunity to check the data again and, once the transaction has been approved, the data will be transmitted to OLB as usual for the purpose of carrying out the transaction.
2.3.7 Geolocalization
If you have consented to the use of location data, we will only use your location in the ATM and branch search to show you the nearest ATMs or branches. This data is not stored.
2.3.8 Cookies & website tracking technologies
For some services, such as the product area, the banking app uses "application routes" of OLB Bank. In this case, cookies and website tracking technologies may be used. If website tracking is provided for the respective service or the "application route", you will be asked for your consent at the beginning of the respective "application route". The following tools are used:
2.3.8.1. etracker
This is a web analysis tool from the provider Etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, which is used for marketing, optimization and analysis purposes. Data processing only takes place with your prior consent. The legal basis in this respect is Art. 6 para. 1 lit. a) GDPR.
The following data can be processed by the tool: Browser language, date and time of the visit, device operating system, IP address, referrer URL, time zone, access status and browser information. The data is deleted if it is no longer required for processing purposes.
2.4 Feedback data
If you send us feedback via the app, please send it by e-mail.
The following information will be sent in the subject line of your e-mail to help you assign your feedback more precisely:
- The manufacturer's name of the smartphone or tablet you are using
- The version number of the mobile operating system of your smartphone or tablet
- The version number of the app you are using
The transmission to OLB takes place in the background when the message is sent. This data is processed and used by our customer service department to process your service request, for example to be able to reproduce an error you have reported. In addition, we use the technical data for the further development and improvement of the app. Like the e-mail address, we automatically delete this data after 90 days.
2.5 Storage period of the data
We do not store your data for longer than we need it for the respective processing purposes. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - storage is still necessary. Reasons for this may include the following:
- The fulfillment of statutory retention obligations: These include, in particular, the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The retention and documentation periods specified there are up to ten years.
- Obtaining evidence for legal disputes within the scope of the statutory limitation periods: Civil limitation periods can be up to 30 years, whereby the regular limitation period is three years. As soon as your personal data is no longer required for the purpose for which it is processed, we delete or anonymize it in accordance with the relevant laws and regulations.
3. Automated decision-making
We do not intend to use personal data collected from you for automated decision-making (including profiling).
4. Your rights
4.1 Your right to information
You are entitled to request an overview of your personal data processed by us. For example, you can obtain a copy of the personal data that we store about you.
4.2 Your right to rectification
If your details are not (or no longer) correct, you can request a correction. If your data is incomplete, you can request that it be completed. If we have passed on your data to third parties, we will inform these third parties of your correction - insofar as this is required by law.
4.3 Your right to erasure
You can request the immediate deletion of your personal data for the following reasons:
- If your personal data is no longer required for the purposes for which it was collected
- If you revoke your consent and there is no other legal basis
- If you object to the processing on conclusive grounds and there are no overriding legitimate grounds for processing
- If your personal data has been processed unlawfully
- If your personal data must be deleted in order to comply with legal requirements.
4.4 Your right to restriction of processing
You have the right to request that the processing of your personal data be restricted for one of the following reasons:
- If the accuracy of your personal data is disputed by you and we have had the opportunity to verify its accuracy
- If the processing is not lawful and you request a restriction of use instead of erasure
- If we no longer need your data for the purposes of processing, but you need it to assert, exercise or defend against legal claims
- If you have lodged an objection while it is not yet clear whether your interests prevail
4.5 Your right to data portability
You have the right to receive a copy of the data concerning you in a structured, commonly used and transferable format and to transmit this data to other organizations. You also have the right to ask us to transfer your personal data directly to other organizations named by you. We will transfer your personal data where technically feasible and permitted by applicable national law.
4.6 Your right to object
If we only process your data on the basis of legitimate interests or in the public interest, you have the right to object to the processing of your data in the event of a special situation. If we use your data for direct marketing or advertising activities, you can object to the processing without giving reasons. However, you cannot ask us to delete your personal data if
- we are still legally obliged to store them;
- this is necessary for the performance of a contract with you.
Please see our separate note in the section "Information about your right to object".
4.7 Your right of appeal
In individual cases, you may not be satisfied with our response to your request. You are then entitled to lodge a complaint with the Data Protection Officer of OLB Bank and with the competent data protection supervisory authority. Details of your rights can be found in the respective provisions of the General Data Protection Regulation (Articles 15 to 22 GDPR).
We engage processors for providing and operating our services and we concluded contractual regulations with them which comply with the applicable data protection laws.
We reserve the right to amend this Privacy Policy to ensure its consistent compliance with the current legal requirements or to implement changes in our services in the Privacy Policy, e.g. by launching new services. The new Privacy Policy will then apply to any new visit.
If you have questions about data privacy, please write an email or directly contact the person in our organisation who is responsible for data protection. Contact our corporate Data Protection Officer at:
Oldenburgische Landesbank AG
Data protection officer
Stau 15/17
26122 Oldenburg
Phone: 0441 221-0
Fax: 0441 221-1457
Email: datenschutz@olb.de
The corporate Data Protection Officer is responsible for observing the “Data Protection Principles”.
Even authorised accesses will be verified for their business purpose, on a spot-check basis. The automatic processing of personal data at OLB is supervised by the competent Data Protection Supervisory Authority.
These Data Protection Principles relate to all websites belonging to the www.olb.de domain.
Adaptation of the Data Protection Principles
Any launch of new products or services by OLB or any future amendments of the data protection and information security technology might affect the “Data Protection Principles”. Therefore, we reserve the right to change or supplement the principles in case of need. We endeavour to publish any change immediately here, to enable you to understand, at any time, what data we collect, how such is used and under what circumstances they might be disclosed.
Change history
02 March 2010/Version 0: Initial publication of the Data Protection Principles.
04 July 2016/Version 1: Sitecore information supplemented..
08 Oct. 2020/Version 2: Revision of the Data Protection Principles regarding the consent for processing.
Contact for data protection matters
If you have questions about the collection, processing or use of your personal data by Oldenburgische Landesbank AG, please contact: datenschutz@olb.de.
Information on data usage
We wish to inform you about the use of your data according to the provisions in data protection laws. You can find relevant information here under the heading "Datenschutzgrundverordnung" (available in German language only). You may request to have them sent to you.